VxWorks is the world’s most widely used real-time operating system deployed in embedded systems. Its market reach spans all safety-critical fields, including the Mars Curiosity rover, the Boeing 787 Dreamliner, and network routers, to name a few. The safety-critical nature of these applications makes VxWorks security a major concern.

Our team has conducted a thorough security analysis of VxWorks, including its supported network protocols and OS security mechanisms. We will present the tool we developed for VxWorks assessment. The main goal of our tool is to provide effective penetration testing by implementing the WdbRPC protocol in Python. To show its effectiveness, we are going to reveal some of the bugs we discovered along the way.

Finally, we will wrap up by demonstrating the vulnerability we found that allows remote code execution on most VxWorks-based devices. A quick Internet scan shows that at least 100k devices running VxWorks are connected to the Internet. Considering the popularity of VxWorks in the age of IoT, this issue will have a widespread impact.

Yannick is a passionate French IT security researcher at Istuary Innovation Group. He graduated from Bordeaux 1 University (France) with a Master of Science in Cryptography and IT Security in 2010. He worked for 4 years as a subcontracting IT security consultant for the Airbus and Thales groups. He then moved to Vancouver, where he has worked for Istuary as an IT security researcher since January 2015. His main focus is the software vulnerability...